Package org.astrogrid.samp.web
Class CorsHttpServer
java.lang.Object
org.astrogrid.samp.httpd.HttpServer
org.astrogrid.samp.web.CorsHttpServer
- Direct Known Subclasses:
LoggingCorsHttpServer
HttpServer which allows or rejects cross-origin access according to
the W3C Cross-Origin Resource Sharing standard.
This standard is used by XMLHttpRequest Level 2 and some other
web-based platforms, implemented by a number of modern browsers,
and works by the browser inserting and interpreting special headers
when cross-origin requests are made by sandboxed clients.
The effect is that sandboxed clients will under some circumstances
be permitted to access resources served by instances of this server,
where they wouldn't for an HTTP server which did not take special
measures.
- Since:
- 2 Feb 2011
- Author:
- Mark Taylor
-
Nested Class Summary
Nested classes/interfaces inherited from class org.astrogrid.samp.httpd.HttpServer
HttpServer.Handler, HttpServer.Request, HttpServer.Response
-
Field Summary
Fields

| Modifier and Type | Field | Description |
| --- | --- | --- |
| static final String | EXTRAHOSTS_PROP | System property ("jsamp.web.extrahosts") which can be used to supply host addresses explicitly permitted to connect via the Web Profile alongside the local host. |

Fields inherited from class org.astrogrid.samp.httpd.HttpServer
HDR_CONTENT_TYPE, STATUS_OK
-
Constructor Summary
Constructors

| Constructor | Description |
| --- | --- |
| CorsHttpServer(ServerSocket socket, OriginAuthorizer authorizer) | Constructor. |

-
Method Summary
| Modifier and Type | Method | Description |
| --- | --- | --- |
| static HttpServer.Response | createNonLocalErrorResponse | Returns an HTTP error response complaining about attempted access from a disallowed host. |
| static boolean | isExtraHost(SocketAddress addr) | Indicates whether a given address represents one of the "extra" hosts permitted to access this server alongside the localhost. |
| static boolean | isLocalHost(SocketAddress address) | Indicates whether the given socket address is from the local host. |
| boolean | isPermittedHost(SocketAddress address) | Indicates whether a network address is known to represent a host permitted to access this server. |
| | serve(HttpServer.Request request) | Does the work for providing output corresponding to a given HTTP request. |

Methods inherited from class org.astrogrid.samp.httpd.HttpServer
addHandler, create405Response, createErrorResponse, createErrorResponse, getBaseUrl, getHeader, getSocket, isRunning, removeHandler, serveRequest, setDaemon, start, stop
-
Field Details
-
EXTRAHOSTS_PROP
System property ("jsamp.web.extrahosts") which can be used to supply host addresses explicitly permitted to connect via the Web Profile alongside the local host. Normally any non-local host is blocked from access to the CORS web server for security reasons. However, any host specified by hostname or IP number as one element of a comma-separated list in the value of this system property will also be allowed. This might be used to allow access from a "friendly" near-local host like a tablet.
-
-
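The allowlist rule described for EXTRAHOSTS_PROP, as an added example that is not JSAMP's own code: the names ExtraHostsSketch, parseExtraHosts and isPermitted are hypothetical, the sample addresses are constructed, and treating only loopback addresses as the local host is a simplifying assumption.

```java
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.SocketAddress;
import java.net.UnknownHostException;
import java.util.HashSet;
import java.util.Set;

/** Illustrative allowlist check; hypothetical, not the JSAMP implementation. */
public class ExtraHostsSketch {

    /** Resolves a comma-separated list of hostnames or IP literals. */
    static Set<InetAddress> parseExtraHosts(String propValue) {
        Set<InetAddress> hosts = new HashSet<>();
        if (propValue == null) {
            return hosts;
        }
        for (String item : propValue.split(",")) {
            String name = item.trim();
            if (name.isEmpty()) {
                continue; // tolerate "a,,b" and trailing commas
            }
            try {
                // A hostname may map to several addresses; allow each one.
                for (InetAddress a : InetAddress.getAllByName(name)) {
                    hosts.add(a);
                }
            } catch (UnknownHostException e) {
                // Fail closed: an unresolvable entry grants nothing.
                System.err.println("Ignoring unresolvable host: " + name);
            }
        }
        return hosts;
    }

    /** Loopback is always allowed; any other host must be on the list. */
    static boolean isPermitted(SocketAddress addr, Set<InetAddress> extras) {
        if (!(addr instanceof InetSocketAddress)) {
            return false; // unknown address type: reject
        }
        InetAddress ip = ((InetSocketAddress) addr).getAddress();
        return ip != null && (ip.isLoopbackAddress() || extras.contains(ip));
    }

    public static void main(String[] args) {
        // Constructed sample value; 192.0.2.0/24 is a documentation range.
        Set<InetAddress> extras = parseExtraHosts("192.0.2.10, 192.0.2.11");
        for (String h : new String[] {"127.0.0.1", "192.0.2.10", "192.0.2.99"}) {
            System.out.println(h + " permitted: "
                + isPermitted(new InetSocketAddress(h, 5000), extras));
        }
    }
}
```

Hostname entries are resolved once when the list is parsed, so a later DNS change does not alter the permitted set in this sketch.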
Constructor Details
-
CorsHttpServer
Constructor.
- Parameters:
socket - socket hosting the service
authorizer - defines which domains requests will be permitted from
- Throws:
IOException
-
-
Method Details
-
serve
Description copied from class: HttpServer
Does the work for providing output corresponding to a given HTTP request. This implementation calls each Handler in turn and the first one to provide a non-null response is used.
- Overrides:
serve in class HttpServer
- Parameters:
request - represents an HTTP request that has been received
- Returns:
- represents the content of an HTTP response that should be sent
-
createNonLocalErrorResponse
Returns an HTTP error response complaining about attempted access from a disallowed host.
- Parameters:
request - offending request
- Returns:
- HTTP 403 response
-
isPermittedHost
Indicates whether a network address is known to represent a host permitted to access this server. That generally means the local host, but "extra" hosts may be permitted as well.
- Parameters:
address - socket address
- Returns:
- true iff address is known to be permitted
-
isLocalHost
Indicates whether the given socket address is from the local host.
- Parameters:
address - socket to test
- Returns:
- true if the socket is known to be local
-
isExtraHost
Indicates whether a given address represents one of the "extra" hosts permitted to access this server alongside the localhost.
- Parameters:
addr - address of non-local host to test
- Returns:
- true iff host is permitted to access this server
-